Recently-merged Fei Protocol and Rari Capital DeFi projects have suffered a cyberattack that resulted in the loss of over $80 million.
Over the weekend, DeFi security firm BlockSec detected an exploit of multiple streams connected to the decentralized finance protocols which took advantage of what is known as a reentrancy vulnerability. A reentrancy attack occurs when a function makes an external call to another untrusted contract. Then the untrusted contract makes a recursive call back to the original function in an attempt to drain funds.
Fei Protocol and Rari Capital have confirmed the attack and offered the hacker a $10 million bounty if they return the remaining user funds.
On April 30, another decentralized finance protocol, Saddle Finance, revealed it had suffered a $10 million hack. The attacker took advantage of the wrong MetaSwapUtils lib used to calculate the swap and then initiated the exploit with 1 ETH withdrawn from Tornado Cash.
According to blockchain analysis company Chainalysis, in the first three months of 2022, hackers have stolen $1.3 billion from exchanges, platforms, and private entities, and almost 97% of all cryptocurrency stolen has been taken from DeFi protocols, up from 72% in 2021 and just 30% in 2020.